mirror of
https://github.com/laurivosandi/certidude
synced 2024-12-23 00:25:18 +00:00
Add openvpn-status.log support
parent
1925207a6d
commit
1ec5ad3b7c
@ -75,7 +75,7 @@ class SessionResource(object):
|
|||||||
) if req.context.get("user").is_admin() else None,
|
) if req.context.get("user").is_admin() else None,
|
||||||
features=dict(
|
features=dict(
|
||||||
tagging=config.TAGGING_BACKEND,
|
tagging=config.TAGGING_BACKEND,
|
||||||
leases=False, #config.LEASES_BACKEND,
|
leases=config.LEASES_BACKEND,
|
||||||
logging=config.LOGGING_BACKEND))
|
logging=config.LOGGING_BACKEND))
|
||||||
|
|
||||||
|
|
||||||
@ -122,7 +122,7 @@ def certidude_app():
|
|||||||
from .revoked import RevocationListResource
|
from .revoked import RevocationListResource
|
||||||
from .signed import SignedCertificateListResource, SignedCertificateDetailResource
|
from .signed import SignedCertificateListResource, SignedCertificateDetailResource
|
||||||
from .request import RequestListResource, RequestDetailResource
|
from .request import RequestListResource, RequestDetailResource
|
||||||
from .lease import LeaseResource
|
from .lease import LeaseResource, StatusFileLeaseResource
|
||||||
from .whois import WhoisResource
|
from .whois import WhoisResource
|
||||||
from .tag import TagResource, TagDetailResource
|
from .tag import TagResource, TagDetailResource
|
||||||
from .cfg import ConfigResource, ScriptResource
|
from .cfg import ConfigResource, ScriptResource
|
||||||
@ -140,8 +140,11 @@ def certidude_app():
|
|||||||
app.add_route("/api/", SessionResource())
|
app.add_route("/api/", SessionResource())
|
||||||
|
|
||||||
# Gateway API calls, should this be moved to separate project?
|
# Gateway API calls, should this be moved to separate project?
|
||||||
app.add_route("/api/lease/", LeaseResource())
|
if config.LEASES_BACKEND == "openvpn-status":
|
||||||
app.add_route("/api/whois/", WhoisResource())
|
app.add_route("/api/lease/", StatusFileLeaseResource(config.OPENVPN_STATUS_URI))
|
||||||
|
elif config.LEASES_BACKEND == "sql":
|
||||||
|
app.add_route("/api/lease/", LeaseResource())
|
||||||
|
app.add_route("/api/whois/", WhoisResource())
|
||||||
|
|
||||||
# Optional user enrollment API call
|
# Optional user enrollment API call
|
||||||
if config.USER_CERTIFICATE_ENROLLMENT:
|
if config.USER_CERTIFICATE_ENROLLMENT:
|
||||||
|
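Review bot: The new `if`/`elif` on `config.LEASES_BACKEND` in `certidude_app()` has no final `else`, so any value other than `openvpn-status` or `sql` registers no `/api/lease/` route, while the first hunk now hands the same raw string to the client as `leases=config.LEASES_BACKEND`. A misspelled backend name is truthy, so the session response would advertise a leases feature that the API cannot serve. Reject unknown values at startup, for example `elif config.LEASES_BACKEND: raise ValueError("Unknown leases backend: %s" % config.LEASES_BACKEND)`. Indentation is lost in this rendering, so it is not visible whether `/api/whois/` is still registered for the `openvpn-status` backend; if it moved under the `sql` branch, a comment should say so. `certidude_app()` starts and ends outside the hunk.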
@ -28,6 +28,27 @@ def parse_dn(data):
|
|||||||
return ", ".join(generate())
|
return ", ".join(generate())
|
||||||
|
|
||||||
|
|
||||||
|
class StatusFileLeaseResource(object):
|
||||||
|
def __init__(self, uri):
|
||||||
|
self.uri = uri
|
||||||
|
|
||||||
|
@serialize
|
||||||
|
@login_required
|
||||||
|
@authorize_admin
|
||||||
|
def on_get(self, req, resp):
|
||||||
|
from openvpn_status import parse_status
|
||||||
|
from urllib import urlopen
|
||||||
|
fh = urlopen(self.uri)
|
||||||
|
status = parse_status(fh.read())
|
||||||
|
for cn, e in status.routing_table.items():
|
||||||
|
yield {
|
||||||
|
"acquired": status.client_list[cn].connected_since,
|
||||||
|
"released": None,
|
||||||
|
"address": e.virtual_address,
|
||||||
|
"identity": "CN=%s" % cn, # BUGBUG
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
class LeaseResource(object):
|
class LeaseResource(object):
|
||||||
@serialize
|
@serialize
|
||||||
@login_required
|
@login_required
|
||||||
|
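Review bot: `StatusFileLeaseResource.on_get` calls `urlopen(self.uri)` on every admin request, never closes the handle, and sets no bound on the wait, so a slow or unreachable status endpoint can hold an API worker indefinitely. Wrap the read as `with contextlib.closing(urlopen(self.uri)) as fh:` and set a timeout for the remote case. The Python 2 `urllib.urlopen` imported here takes no timeout argument, so that needs a socket default or a different opener. The fetched text is external input: `status.client_list[cn]` would raise `KeyError` if the two tables are not keyed identically, and `"CN=%s" % cn` places the value into a DN string unescaped. The `# BUGBUG` comment should say which of these it refers to.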
@ -68,6 +68,8 @@ TAGGING_BACKEND = cp.get("tagging", "backend")
|
|||||||
LOGGING_BACKEND = cp.get("logging", "backend")
|
LOGGING_BACKEND = cp.get("logging", "backend")
|
||||||
LEASES_BACKEND = cp.get("leases", "backend")
|
LEASES_BACKEND = cp.get("leases", "backend")
|
||||||
|
|
||||||
|
OPENVPN_STATUS_URI = cp.get("leases", "openvpn status uri")
|
||||||
|
|
||||||
|
|
||||||
if "whitelist" == AUTHORIZATION_BACKEND:
|
if "whitelist" == AUTHORIZATION_BACKEND:
|
||||||
USERS_WHITELIST = set([j for j in cp.get("authorization", "users whitelist").split(" ") if j])
|
USERS_WHITELIST = set([j for j in cp.get("authorization", "users whitelist").split(" ") if j])
|
||||||
|
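Review bot: `OPENVPN_STATUS_URI = cp.get("leases", "openvpn status uri")` is read unconditionally, so a configuration file written before this commit, which lacks that option, would presumably fail at import with a missing-option error even when the backend is `sql` (assuming `cp` is a standard ConfigParser). Read it only when it is needed, e.g. `OPENVPN_STATUS_URI = cp.get("leases", "openvpn status uri") if LEASES_BACKEND == "openvpn-status" else None`.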
@ -60,9 +60,20 @@ backend = sql
|
|||||||
database = sqlite://{{ directory }}/db.sqlite
|
database = sqlite://{{ directory }}/db.sqlite
|
||||||
|
|
||||||
[leases]
|
[leases]
|
||||||
backend = sql
|
|
||||||
schema = strongswan
|
[leases]
|
||||||
database = sqlite://{{ directory }}/db.sqlite
|
backend =
|
||||||
|
|
||||||
|
;backend = sql
|
||||||
|
;schema = strongswan
|
||||||
|
;database = sqlite://{{ directory }}/db.sqlite
|
||||||
|
|
||||||
|
# Following was used on an OpenWrt router
|
||||||
|
# uci set openvpn.s2c.status=/www/status.log
|
||||||
|
# uci commit; touch /www/status.log; chmod 755 /www/status.log
|
||||||
|
;backend = openvpn-status
|
||||||
|
;openvpn status uri = /var/log/openvpn-status.log
|
||||||
|
openvpn status uri = http://router.example.com/status.log
|
||||||
|
|
||||||
[signature]
|
[signature]
|
||||||
certificate lifetime = {{ certificate_lifetime }}
|
certificate lifetime = {{ certificate_lifetime }}
|
||||||
|
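Review bot: The only uncommented `openvpn status uri` in the template is the plain `http://` one, and the commented recipe puts the status log under the router's web root. That log lists connected clients' common names and addresses, so anyone who can reach that web server can read it, and anyone on the network path can alter what the lease view shows to administrators. Make the local-path line the active example and leave the HTTP form commented, with a line such as `; status log fetched over HTTP is unauthenticated, restrict access to the router's web server or use https://`. The `chmod 755` in the recipe also sets the execute bit on a log file; `644` is enough for the web server to read it.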